
Journal of Shandong University (Natural Science) ›› 2014, Vol. 49 ›› Issue (09): 90-96. doi: 10.6040/j.issn.1671-9352.2.2014.337

• Articles •

Detecting phishing webpage with spoofed specific features

WANG Wei-ping, ZHANG Bing

  1. School of Information Science and Engineering, Central South University, Changsha 410083, Hunan, China
  • Received: 2014-06-24 Revised: 2014-08-27 Online: 2014-09-20 Published: 2014-09-30
  • About the author: WANG Wei-ping (1969-), female, professor, Ph.D.; research interest: network information security. E-mail: wpwang@csu.edu.cn
  • Supported by:
    National Natural Science Foundation of China (61173169)

Abstract: Phishing websites masquerade as legitimate sites to steal the accounts, passwords and other private information that users submit. Phishing detection based on page-specific features has a high accuracy rate, but existing approaches handle pages with spoofed features poorly and are prone to false negatives. By analyzing the page code of a large number of phishing websites, nine common ways of spoofing page features were summarized; they conceal real page features or deliberately insert forged ones. Based on this, a detection method that supports the identification of spoofed page features was proposed. The method renders the webpage first and only then extracts features. During rendering, URL redirection is traced to uncover disguised addresses and capture the real domain features. After rendering, the content of pages embedded in iframe tags is extracted by manipulating the DOM directly, and all hidden elements are removed so that attackers cannot forge page keywords. Test results show that the method can uncover various camouflages, extract the real webpage features and improve the detection accuracy rate.

Key words: phishing webpage, detection, spoofed feature
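The hidden-element step described in the abstract, as an added sketch that is not the authors' code: it parses static HTML with Python's standard library and treats the `hidden` attribute and a fixed list of inline styles as "hidden", whereas the paper inspects the page after rendering. The sample page, the style list and all names are constructed for illustration.

```python
import re
from collections import Counter
from html.parser import HTMLParser

VOID = {"br", "hr", "img", "input", "link", "meta"}   # no end tag, no text
# Inline styles assumed to hide text; a renderer would use computed style.
HIDING = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden"
                    r"|font-size\s*:\s*0(?![.\d])|opacity\s*:\s*0(?![.\d])", re.I)

class VisibleText(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []                    # (tag, hides_its_subtree) per open element
        self.visible, self.dropped = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a = dict(attrs)
        hide = (tag in ("script", "style", "noscript", "template") or "hidden" in a
                or bool(HIDING.search(a.get("style") or "")))
        self.stack.append((tag, hide))

    def handle_endtag(self, tag):
        tags = [t for t, _ in self.stack]
        if tag in tags:                    # ignore stray close tags
            del self.stack[len(tags) - 1 - tags[::-1].index(tag):]

    def handle_data(self, data):
        hidden = any(h for _, h in self.stack)   # any hidden ancestor hides the text
        if data.strip():
            (self.dropped if hidden else self.visible).append(data.strip())

def extract(html):
    p = VisibleText()
    p.feed(html)
    p.close()
    return p.visible, p.dropped

def keywords(chunks, n=3):
    words = re.findall(r"[a-z]{4,}", " ".join(chunks).lower())
    return [w for w, _ in Counter(words).most_common(n)]

# Constructed sample: a brand login form padded with hidden filler keywords.
SAMPLE = """<body><div style="display:none">weather forecast weather forecast weather</div>
<p hidden>forecast weather</p><span style="font-size:0px">weather</span>
<h1>Examplebank account login</h1><form><input type="hidden" value="weather">
<label>Examplebank password</label><input type="password"></form></body>"""
```

On the sample, a keyword extractor fed all text ranks the hidden filler word first, while one fed only `visible` ranks the brand name first; `dropped` keeps the removed text so the spoofing attempt itself can be logged as a signal.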

CLC number:

  • TP393